Internet of Things (IoT) devices have rooted themselves in the everyday life of billions of people. While they automate and simplify many aspects of the users’ lives, the widespread usage of IoT devices constitutes a security concern for our modern society. Aside from the privacy and safety implications of having a smart door lock that could succumb to an Internet-based attack, or a smoke detector that an assailant could disable by connecting to it from a compromised light bulb, vulnerabilities in these devices have wider implications. Recent large-scale attacks have shown that the sheer number of Internet-connected IoT devices poses a severe threat to the Internet infrastructure. The most prominent example is represented by the Mirai botnet that, in 2016, compromised millions of devices and leveraged them in denial-of-service attacks to disrupt core Internet services and shut down websites.
For these reasons, it is of crucial importance to assess the security of IoT devices. Analyzing and securing IoT devices presents specific challenges that differ from those of analyzing and securing traditional desktop computers. The main reason is that IoT devices are manufactured by a plethora of different vendors, which often use vendor-specific hardware and software (or firmware) for their products. Given the heterogeneity and widespread usage of IoT devices, we need novel, automated, and scalable solutions able to improve the security of these devices.
During my Ph.D., I approached the problem of securing IoT devices from different angles and using different strategies, which I present in detail in this dissertation. First, I introduce the IoT landscape, with particular attention to the peculiarities that characterize embedded firmware. Then, I present in detail my work that advances the state of the art of firmware security. In particular, I present (i) BootStomp, a novel tool to find bugs in bootloaders for embedded devices, (ii) Karonte, a novel static analysis approach to track data flows across the different components of a firmware sample to precisely uncover security vulnerabilities, (iii) Bintrimmer, a tool that relies on a novel abstract domain (called Signedness-Agnostic Strided Interval) to perform code debloating on binaries, thus decreasing the attack surface that could be used by an attacker to harm end-users, and, finally, (iv) DiAne, a novel approach to fuzz IoT devices that leverages the logic of the device’s companion app (i.e., the application commonly used to interact with IoT devices). I evaluate the performance of the proposed approaches and show that the developed tools are effective in improving the security of firmware for IoT devices.
|Advisor:|Vigna, Giovanni; Kruegel, Christopher|
|School:|University of California, Santa Barbara|
|School Location:|United States -- California|
|Source:|DAI-B 82/8(E), Dissertation Abstracts International|
|Subjects:|Computer science, Information Technology, Artificial intelligence|
|Keywords:|Firmware analysis, Firmware fuzzing, Firmware security, IoT devices, IoT security, System security|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved